January 20, 2009

GEORGE W. WRIGHT
VICE PRESIDENT, INFORMATION TECHNOLOGY OPERATIONS

SUBJECT: Audit Report – Service Continuity at the Information Technology and
         Accounting Service Centers for Fiscal Year 2008
         (Report Number IS-AR-09-003)

This report presents the results of our audit of service continuity at the xxxxx,
xxxxxxxxx, xxx xxx xxxxx, xxxxxxxxxx, Information Technology and Accounting Service
Centers (IT/ASC) (Project Number 08RD001IS004). The objective of this audit was to
determine whether service continuity procedures are in place to minimize the risk when
unexpected events occur and to ensure critical operations continue without
unreasonable interruption. We performed this self-initiated review as part of the fiscal
year (FY) 2008 information systems audit of general controls at the U.S. Postal
Service’s IT/ASCs. See Appendix A for additional information about this audit.

Conclusion

Overall, we believe management adequately developed the infrastructure and service
continuity processes and procedures to maximize the availability of critical Postal
Service operations. The Postal Service is undergoing significant changes in the
computing infrastructure, including virtualization and replication. They have made
progress building a replication process between the xxxxx xxx xxx xxxxx IT/ASCs and
have established testing schedules for critical and sensitive applications. To further
minimize the risk of service disruption, management could improve processes for
xxx-xxxx xxxxxxx xx xxxx tapes and procedures for facility recovery program updates
at the xxx xxxxx IT/ASC.

UNIX Tape Off-Site Storage

xxx xxx xxxxx xx/xxx xxx xxx xxxxxx xxxx xxxxxx xxxxx xxxxxxxx xxxxx xxx xxxx. This
occurred because management did not assign responsibilities for these procedures
after organizational changes.
San Mateo personnel believed that xxxxx administered
off-site tape storage procedures while the Eagan personnel were unaware of this
responsibility. xxxxxxxx xxxxxxx xx xxxx xxxxx xxx xxxxxxxx xxxxx xxxxxxxxxx xxxx
xxxx xxxxxxxxxxxx xxx xxxxxxxx xx xxx xxxxx xx xxxxxxxx. See Appendix B for our
detailed analysis of this topic.

Restricted Information

Service Continuity at the Information Technology and Accounting Service Centers
for Fiscal Year 2008 (IS-AR-09-003)

We recommend the Vice President, Information Technology Operations, direct the
Manager, Information Technology Computing Services, to:

1. Designate the personnel responsible for administering the backup process for the
   xxx xxxxx Host Computing Services Center.

2. Implement procedures to ensure xxxx backup tapes are stored off-site.

Facility Recovery Plan Update

The Facility Recovery Plan was not current for the xxx xxxxx IT/ASC. This occurred
because management did not assign responsibilities for these procedures after
organizational changes and xxx xxxxx personnel believed that xxxxxxx Management
Support Service Center was responsible for updates. An updated plan could help avoid
confusion during personnel evacuation in an emergency situation and help resume
business operations as quickly as possible. See Appendix B for our detailed analysis of
this topic.

We recommend the Vice President, Information Technology Operations, direct the
Manager, Information Technology Computing Services, to:

3. Clarify the responsibility for maintaining and administering the Facility Recovery Plan
   for the xxx xxxxx Information Technology and Accounting Service Center.

4. Update the Facility Recovery Plan for the xxx xxxxx Information Technology and
   Accounting Service Center.

Advanced Computing Environment Server Contingency Planning

Audit trails of backup data for xxxxxxxx xxxxxxxxx xxxxxxxxxxx xxxxx servers did not
clearly show that the data for the servers were stored off-site. Further, applications
running on these servers were not tested in a disaster recovery simulation. Specifically,
the xxx server we selected for review at the xxxxx IT/ASC was backed up locally, but
audit trails did not clearly show that the data for the server xxxx xxxxxx xxxxxxxx. xxx
xxx xxx xxxxxxx xx xxxxxxxx xx xxx xxx xxxxx xxxxxx, xxxxx xx xx xxxxxxxx xxxx xxxxxx
xxxx xxxx xxxxx xxxxxx xxxxxxxx. This occurred because the Postal Service is
undergoing significant changes from stand-alone physical servers to a virtualization[1]
and replication environment. Routinely duplicating or backing up data files to off-site
storage prevents or minimizes the damage to automated operations that can occur from
unexpected events. Performing periodic testing of application backup data helps
ensure application and data recoverability in the event of a disaster. We are not making
a recommendation because management is currently deploying a replication process
that will address the audit trail issue. In addition, because of our review, management
recognized the need for application recovery testing and has re-prioritized resources to
meet their testing schedules.

[1] Virtualization is a software technology that lets one computer do the job of multiple
computers by sharing the resources of a single computer across multiple environments.
Virtual servers and virtual desktops allow hosting of multiple operating systems and
multiple applications locally and in remote locations, freeing users from physical and
geographical limitations. The benefits include energy savings, lower capital expenses
due to more efficient use of hardware resources, high availability of resources, better
desktop management, increased security, and improved disaster recovery processes.

Management’s Comments

Management agreed with all four recommendations. In response to recommendation 1,
management stated that the Storage Management group within Host Computing
Services is responsible for all backup processes in xxxxx xxx xxx xxxxx. In addressing
recommendation 2, management stated that the offsite storage process was developed
in accordance with a Sarbanes-Oxley requirement. Management will provide
supporting documentation on the process by March 31, 2009. Further, in response to
recommendation 3, management stated the Manager, Management Support Service
Center, is responsible for maintaining and administering the xxx xxxxx Facility Recovery
Plan. Finally, for recommendation 4, management stated that an updated Facility
Recovery Plan is currently available. Management considers actions completed on
recommendations 1, 3, and 4. See Appendix C for management comments, in their
entirety.

Evaluation of Management’s Comments

The U.S. Postal Service Office of Inspector General (OIG) considers management’s
comments responsive to each of the recommendations, and their corrective actions
should resolve the issues identified in the report.

The OIG considers recommendation 2 significant, and therefore requires OIG
concurrence before closure. Consequently, the OIG requests written confirmation when
corrective actions are completed.
This recommendation should not be closed in the
follow-up tracking system until the OIG provides written confirmation that the
recommendation can be closed.

We appreciate the cooperation and courtesies provided by your staff. If you have any
questions or need additional information, please contact Frances E. Cain, Acting
Director, Information Systems, or me at (703) 248-2100.

E-Signed by Tammy Whitcomb

Tammy L Whitcomb
Deputy Assistant Inspector General
 for Revenue and Systems

Attachments

cc: Ross Philo
    H. Glen Walker
    Harold E. Stark
    Joseph J. Gabris
    Katherine S. Banks

APPENDIX A: ADDITIONAL INFORMATION

BACKGROUND

During FY 2006, management purchased mainframe disaster recovery equipment and
upgraded the mainframe operating system at the xxxxx xxx xxx xxxxx IT/ASCs. The
new equipment enabled the xxx facilities to electronically send replicated production
mainframe files directly to storage devices located at the xxxxx xxxx, making each site a
xxxxxxxxxx disaster recovery location xxx xxx xxxxx. Application testing followed
installation of the mainframe replication process.

Management began deploying a similar replication process for the distributed platforms
for xxxx xxx xxxxxxx servers.
However, management faced challenges building the
infrastructure for these distributed platforms, which resulted in delays in the application
disaster testing. As an interim measure, the xxxxx xxx xxx xxxxx IT/ASCs backed up
some production data to tape media and stored it xxxxxxxx xx xxxxx xxxxxx xxxxxxxxxx.

OBJECTIVE, SCOPE, AND METHODOLOGY

The objective of this audit was to determine if service continuity procedures are in place
to minimize the risk when unexpected events occur, and to ensure critical operations
continue without interruption or can be resumed within a reasonable amount of time.

The scope of our review included reviewing continuity of operations planning and testing
for Postal Service facilities. We also reviewed disaster recovery testing for critical
Postal Service facilities, workgroups, and computer applications residing on mainframe
and distributed platforms, xxxxx xxxxxxx xxxx xxx xxxxxxx xxxxxxx xx xxx xxxxx xxx xxx
xxxxx xxxxxxx.

The audit covered the following primary platforms used in the Postal Service’s
computing environment.

    •   xxxxxxxxx (xxxx[2] xxx xxxxxx xxxxxxxxx[3]
    •   xxxx xxxxxxxxxxx
    •   xxxxxxx xxxxxxx xxxxxxxxx xxx xxxxxxxxxxxxxx xxxxxxxx
    •   xxxxxxxxx xxxxxxxxx x xxxxx xxx xxxxxxx[4]

[2] xxxxxx xx xxx xxxxxxxxxxxxx xxxxxxxx xxxxxxxx xxxx™x xxxxxxx xxxx xxx xxxxx xxxxxxxxxxx xxxxxxxxx xxxxxx.’

[3] xxxxxx xxxxxxxx xxxxxx xx xxxxxxxxx xxxxxxxx xxxxxxxx xxxx xx xxx xxxx xxxxxxxxx xxxx xxxx, xxx xxx xxxxxxxxx
xxx xxxxxxxxx xxxxxxxxxx. xxxxxxxx xxxxxxx xxx xxxxxxxxx xxxxxxxx xxxxxxxx xxxxxxt xxxxx xxxxxxxx xxxxxxxxx
xxxxxxxxx xxx xxxxxxxx xxx xxx xxxxxxxxx xxxxxxxxxx xxxxxxx xxxxx xx xxxx xxx xxxxxxxxxx xxx xxxxxxxxxx.

[4] xxx xxx xxxxxxxx xxxx xx xxx xxxxxxxxx xxxxxxxxxxx.
xxxxxx xxxxxxxx xxxxxxxx xxxx xxxxxxxxx xx xxx xxxx
xxxxxxxxxxx.

We judgmentally selected several applications[5] for review on these platforms. Criteria
used to make our selections included production status, financial relevance, sensitivity
or criticality, platform, and location. Table 1 provides a summary of the applications
reviewed.

Table 1: Applications Selected for Review by Platform

    xxxxxxxx      xxxxx xxxxxxxxxxxx      xxx xxxxx xxxxxxxxxxxx
    Mainframe     OMAS; ChangeMan         EMRS
    UNIX          eAwards                 EMRS
    Windows       OMAS                    SRM
    Databases     eAwards (Oracle)        EMRS (Oracle)
                  ChangeMan (DB2)         PTS (DB2)

To accomplish our objective, we interviewed Postal Service facility officials, analyzed
Postal Service policies and procedures, and tested related internal controls. To
determine if service continuity plans were complete and tested, we reviewed facility,
workgroup, and application recovery plans. We also analyzed documentation related to
the testing of these plans at each xxxxxx.
To determine if the Postal Service was
backing up critical production files and servers, we reviewed system-generated reports
and observed back-up tape handling procedures at the xxxxx xxx xxx xxxxx xxxx
xxxxxxxxx xxxxxxxx xxxxxxx.

We conducted this audit from April 2008 through January 2009 in accordance with
generally accepted government auditing standards and included such tests of internal
controls as we considered necessary under the circumstances. Those standards
require that we plan and perform the audit to obtain sufficient, appropriate evidence to
provide a reasonable basis for our findings and conclusions based on our audit
objective. We believe the evidence obtained provides a reasonable basis for our
findings and conclusions based on our audit objective. We used manual and automated
techniques to analyze the computer-processed data. Based on the results of these
tests and assessments, we generally concluded the data were sufficient and reliable to
use in meeting the objective.
We discussed our observations and conclusions with
management officials during the audit and on December 10, 2008, and included their
comments where appropriate.

[5] We selected the following applications: Official Mail and Accounting System (OMAS),
Electronic Awards System (eAwards), Electronic Marketing Reporting System (EMRS),
Serena ChangeMan, Sales Resource Management (SRM), and Product Tracking System (PTS).

PRIOR AUDIT COVERAGE

Report Title:      Disaster Recovery Testing for Critical Postal Service Applications
                   at the xxxxx, xxxxxxxxx xxx xxx xxxxx, California Information
                   Technology and Accounting Service Centers for Fiscal Year 2007
Report Number:     IS-AR-07-018
Final Report Date: September 14, 2007
Monetary Impact:   N/A
Report Results:    In general, the Postal Service established and updated continuity
                   plans and procedures relating to essential business functions at the
                   IT/ASCs. However, we provided recommendations for implementing the
                   disaster recovery infrastructure to test all critical midrange
                   applications; developing a schedule documenting when they will
                   conduct full operational recovery tests for critical applications;
                   and prioritizing testing of mainframe disaster recovery
                   infrastructure to complete full operational recovery tests of all
                   critical mainframe applications. Management established the schedule
                   for testing applications; however, actions for the remaining
                   recommendations have not been completed.

Report Title:      Mainframe Service Continuity Planning and Testing at the xxxxx,
                   xxxxxxxxx xxx xxx xxxxx, California Information Technology and
                   Accounting Service Centers
Report Number:     IS-AR-07-002
Final Report Date: November 16, 2006
Monetary Impact:   N/A
Report Results:    Overall, Postal Service administrators adequately implemented the
                   service continuity programs. However, we recommended testing of the
                   disaster recovery equipment at the Eagan and xxx xxxxx facilities.
                   This recommendation was subsequently completed and closed.

APPENDIX B: DETAILED ANALYSIS

xxxx Tape Off-Site Storage

xxx xxxxx xxx xxx xxxxx xxxxxxx xxxx xx xxxxxxxxxx xxxx xxxxxxx xx x xxxxxxx xxxxxx,
xxxxx xxxx xxxx xxxxxxxxx xxxxxxx xxxxxxxxxxxx xxx xxxxxx xx xx xxxx xxxxx xxx
xxxxxx xxxxxxxx xx xxxxx xxxxxx xxxxxxxxxx. xxx xxxxxx xxxxxxx xxxx x xxxxxx xx
xxxxxxxxx xxx xxxxx xxxxx xxxxxxx xxxxx xx xxxx xxxxx xxx xxx xxxxx xxxxx. Postal
Service staff is responsible for ejecting and preparing tape media for storage on a
scheduled basis.

At the xxx xxxxx xxxx xxxxxxxxx xxxxxxxx xxxxxx, we sampled an xxxx application
server xxxxxxxxxxxxxxx and traced the audit trail to ensure the data was backed up and
stored xxxxxxxx. xx xxxxx xxxx xxxxxx xxxxxxx xxxxxxxxx xxx xxx xxxxxxx xxx
xxxxxxxxx xx xxxxxxx xxxxxxx xxxxx xxx xxxxxx xxxxxxx xxx xxxxxxxx xxxxxxx. We
learned that xxxx xxxxx xxx xxx xxxx xxxxxx xxxxxxxx xxxxx xxx xxxx. Postal Service
personnel noted there are nearly xxx xxxx servers at the xxx xxxxx xxxxxx which include
some critical applications.
Management immediately initiated action to assess the
overall backup environment.

Facility Recovery Plan Update

The xxx xxxxx Facility Recovery Plan (FRP) did not contain current information. We
reviewed various documents relating to service continuity and disaster recovery
planning. Postal Service policy[6] requires the FRP to include information about the
process of restoring a facility to a condition so it meets appropriate personnel, business
unit, and safety requirements; and making the facility ready to support business
functions and computer programming support. xxxxxxx FRP included the detailed
information in the Occupant Emergency Plan. xxx xxxxx did not have the same
document, but included similar information in the FRP. However, this document was
last updated in February 2006 and contained obsolete information. Management was
unable to determine the ownership and responsibility for updating the document.

[6] Handbook AS-805, Information Security, Section 12-4.4.2, Facility Recovery Plan,
dated March 2002 (updated with Postal Bulletin revisions through November 23, 2006).

APPENDIX C: MANAGEMENT’S COMMENTS